TITLE OF THE INVENTION 

Optical Disk, Optical Recorder, Optical Reproducer, 
Cryptocommunication System and Program License System 

TECHNICAL FIELD 

The present invention relates to an optical disk, an 
optical disk system and a cryptocommunication method* 

BACKGROUND 

In recent years, with the increased use of networks 
such as the Internet and optical CD ROM disks, network 
soft key distribution for optical ROM disks has 
increased* Also, electronic commercial transactions have 
increased. 

Soft key electronic distribution systems for CD-ROM 
media have been used* In conventional systems, it is 
known to give passwords and decipher the enciphered soft 
ciphers recorded on the CD-ROMs in advance. When CD-ROMs 
are used, however, it is not possible additionally to 
record on the disks, so that it is not possible to 
individually set IDs for respective disks. Therefore, 
one password would release the ciphers of all the disks 
manufactured from the same original disk. For this 
reason, when CD-ROMs are used, it is necessary to install 
the disks' IDs on the hard disks of personal computers, 
or mail to users IDs prepared centrally. 

In electronic distribution systems with conventional 
optical disks and/or optical disk systems, there is a 
need to provide the disks and/or systems with IDs and/or 
cipher keys. It is an object of the present invention to 
simply provide IDs and cipher keys for ROM disks in 
electronic distribution systems. 

SUMMARY OF THE INVENTION 

To achieve the objects of the present invention, the 
pit portions of optical disks are provided with an 
additional recording area or Burst Cutting Area 
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(hereinafter abbreviated as BCA) overwritten with a bar 
code and, when the disks are manufactured, IDs differing 
for each disk and, according to the need/ cipher keys for 
communication and decoding keys for decoding key cipher 
5 texts for communication, are recorded individually in the 
BCA areas. As a result, when the disks have been 
distributed to users, the user ID numbers, the cipher 
keys for transmission for communication, and the decoding 
keys for reception are distributed automatically to the 
10 users. Xt is therefore possible to omit some of the 
procedures that complicate conventional systems* Also, 
cryptocomxnunication and the identification of disks are 
made possible at the same time* 

BRIEF DESCRIPTION OF THE DRAWINGS 
15 Fig. 1 is a flow chart of an optical disk according 

to an embodiment of the present invention. 

Figs. 2a-c are cross sections and results of 
trimming with a pulse laser according to an embodiment of 
the invention. 

20 Figs. 3a-g show the signal reproduction waveforms at 

a trimming portion according to an embodiment of the 
invention • 

Fig. 4 is a block diagram of a reproducer according 
to an embodiment of the invention. 
25 Fig. 5a shows the waveform of a reproduced signal at 

a BCA part according to the invention. Fig. 5b shows 
dimensional relationships of a BCA part according to the 
invention . 

Fig. 6 shows a method of cryptocommunication and a 
30 cipher key method by means of a password according to an 
embodiment of the present invention* 

Figs. 7a-c show the format of a BCA according to the 
invention. 
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Fig. 8 shows a method of cryptocommunication and a 
method of unlocking a cipher with a password according to 
an embodiment of the invention . 

Fig. 9 shows a procedure for operation of a disk, 
5 the content part of which may have been licensed, 
according to an embodiment of the invention. 

Fig, 10 is a block diagram of an example wherein a 
BCA has been recorded in a RAM disk according to an 
embodiment of the present invention. 
10 Fig, 11 is a block diagram of a method or system for 

prevention of unauthorized copying according to an 
embodiment of the invention. 

Fig, 12 is a flow chart depicting preventing 
unauthorized copying according to an embodiment of the 
15 invention. 

Fig, 13a is a plan view and Fig. 13b is a cross 
section of an optical disk, on the BCA of which an 
article or commodity bar code has been printed, according 
to an embodiment of the invention. Fig. 13c shows a 
20 method of producing an optical disk according to an 
embodiment of the invention. 

Fig. 14 is a block diagram of a POS settlement 
system with a ROM disk having a BCA and a POS terminal 
according to an embodiment of the invention, 
25 Fig. 15 is a flow chart of cipher release in and 

between a press company, a software company and a selling 
store, according to an embodiment of the present 
invention . 

Figs. 16 and 17 are flow charts (Parts 1 and 2, 
30 respectively) of steps of enciphering and decoding cipher 
data with a disk ID and/or the like according to an 
embodiment of the invention. 

Figs. 18, 19 and 20 are flow charts (Parts 1, 2 and 
3, respectively) of communication cipher key distribution 
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and cryptocommunication with a BCA according to an 
embodiment of the invention. 

Pigs. 21, 22 and 23 are flow charts (Parts 1, 2 and 
3, respectively) of an electronic settlement system with 
5 a BCA according to an embodiment of the present 
invention . 

Fig. 24 is a block diagram of a method of recording 
and reproducing for recording limitation to one RAM disk 
with a BCA according to an embodiment of the invention. 
10 At the end of this specification is appended a list 

identifying items corresponding to the reference numerals 
used in the aforementioned drawings, that listing being 
in consecutive numerical order of the reference numerals. 

DETAILED DESCRIPTION OF THE INVENTION 

15 1» present invention will be described on the basis 

a number of embodiments . Herein, an additional recording 
area using the BCA system is referred to as a 'BCA area', 
and data recorded in a BCA is referred to as # BCA data'. 
In addition, first identification data is referred to as 

20 'ID' or 'disk ID' . 

Fig. 1 shows a typical process for producing a disk 
with a BCA. The first cipher key 802, such as a public 
key, is used by a cipher encoder or scrambler 803 to 
encipher contents 777 into the first cipher 805. An 8-16 

25 modulator 917, such as a mastering unit, modulates the 
first cipher 805. A laser records the modulated signal 
as pits in the first recording area 919 of an original 
disk 800. A molding machine 808a uses the original disk 
800 to mold disk- like transparent substrates (not shown) . 

30 A reflecting film making machine 808b forms reflecting Al 
films, and makes single-sided disks 809a and 809b which 
are each 0.6 millimeter thick. A bonding machine 808c 
laminates these disks together to make a completed disk 
809. A trimming unit 807 modulates the disk ID 921, the 
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first cipher decoding key 922, or the second cipher key 
923 for Internet communication in the second recording 
area 920 of the completed disk 809, with a Phase 
Encoding-Return to Zero (PE-RZ) modulator 807a, which 
5 combines PE modulation and RZ modulation. A pulse laser 
807b effects BCA trimming to make a disk 801 with a BCA. 
Because laminated disks are used, it is not possible to 
alter the BCA inside, and thus the completed disk can be 
used for security . 
10 A BCA will next be explained briefly. 

As shown in Fig. 2a, a pulse laser 808 trims the 
reflecting aluminum films 809 of the two -layer disk 800 
d in a BCA to record a stripe-like low reflection part 810 

on the basis of a PE modulating signal. As shown in Fig. 
m 15 2b, BCA stripes are formed on the disk. If the stripes 
ih are reproduced by a conventional optical head, the BCA 

has no reflecting signal. Therefore, as shown in Fig. 
CO 2c, gaps 810a, 810b and 810c are produced, where the 

modulating signal is missing. The modulating signal is 
Jj 20 sliced at the first slice level 915. But, the gaps 810a- 
fy c have a low signal level, and can therefore be sliced 

5J easily at the second slice level 916. As shown with the 

recorded and reproduced waveforms in Fig. 3, it is 
possible to reproduce the formed bar codes 923a and 923b 
25 by level-slicing them at the second slice level 916 by a 
conventional optical pickup as shown in Fig. 3e. As 
shown in Fig. 3f , the waveforms of the codes are shaped 
by a LPF filter so as to PE-RZ decode the codes. As 
shown in Fig. 3g, a digital signal is output. 
30 With reference to Fig. 4, the decoding operation 

will be explained. A disk 801 with a BCA includes two 
transparent substrates, which are laminated with a 
recording layer 801a between them. The recording layer 
may either be a single layer 801a or include two 
35 recording layers 800a and 800b. If there are two layers, 
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a BCA flag 922 is recorded in the control data of the 
first recording layer 800a, which is adjacent to the 
optical head 6, The flag 922 indicates whether a BCA is 
recorded or not. Because a BCA is recorded in the second 
5 layer 800b, the first recording layer 800a is focused on 
first, and the optical head 6 is moved to the radial 
position of the control data 924 in the innermost edge of 
the second recording area 919. The control data is main 
data, and has therefore been Eight to Pour teen Modulation 

10 (EFM), 8-15 or 8-16 modulated. Only when the BCA flag 
922 in the control data is '1', a single/double layer 
switching part 827 focuses on the second recording layer 
801b to reproduce the BCA. If the signal is sliced by a 
level slicer 590 at the general first slice level 915 as 

15 shown in Fig, 2c, it is converted into a digital signal. 

This signal is demodulated in the first demodulation part 
by an EFM demodulator 925, an 8-15 modulator-demodulator 
926 or an 8-16 modulator-demodulator 927. An ECC decoder 
36 corrects errors, if any, and outputs main data. The 

20 control data in the main data is reproduced and only if 
the BCA flag 922 is 1 is the BCA read. When the BCA flag 
922 is 1, a CPU 923 orders the single/double layer 
switching part 827 to drive a focus adjustment part 828, 
switching the focus from the first recording layer 801a 

25 to the second recording layer 801b. At the same time, 
the optical head 6 is moved to the radial position of the 
second recording area 920, that is, for the DVD standard, 
the BCA is recorded between 22.3 and 23.5 mm from the 
inner edge of the control data. Then the BCA is read. 

30 Reproduced in the BCA area is a signal with a partially 
missing envelope as shown in Fig. 2c. By setting in the 
second level slicer 929 the second slice level 916 of 
which the quantity of light is smaller than that of the 
first slice level 915, it is possible to detect the 

35 missing parts of the reflecting portion of the BCA, and 
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a digital signal is output. This signal is PE-RZ 
demodulated by the second demodulation part 930, and ECC 
decoded by an ECC decoder 930b so as to output BCA data, 
which is auxiliary data* Thus, the first demodulator 
5 928, operative according to, 8-16 modulation demodulates 
and reproduces the main data, while the second 
demodulation part 930 operative according to PE-RZ 
modulation demodulates and reproduces the auxiliary data, 
that is, the BCA data. 

10 Pig. 5a shows the reproduced waveform before passage 

through a filter 943. Pig. 5b shows the working size 
accuracy (precision) of the slits of the low reflecting 
portion 810. It is difficult to make the slit width less 
than 5mm. In addition, if the data is not recorded 

15 inward radially from 23.5 mm, it will not be properly 
reproduced. Therefore, for a DVD, because of the 
limitations of the shortest recording cycle of 30 and 
the maximum radius of 23.5 mm, the maximum capacity after 
formatting is limited to 188 bytes or less. 

20 The modulating signal is recorded as pits by the 

8-16 modulation mode, and a high frequency signal such as 
the high frequency signal part 933 in Pig. 5a is 
obtained. However, the BCA signal is a low frequency 
signal like low frequency signal part 932. Thus,' if the 

25 main data complies with the DVD standard, it is a high 
frequency signal 932 which is about 4.5 MHz or less, 
shown in Pig. 5a, and the auxiliary data is a low 
frequency signal 933 which is 8.92 ms in period, that is, 
about 100 kHz. It is therefore relatively simple to 

30 frequency- separate the auxiliary data with a LPP 943. A 
frequency- separating method 934 as shown in Pig. 4, 
including the LPP 943 can easily separate the two 
signals. In this case, the LPP 943, may be simple in 
structure. 

35 The foregoing is an outline of the BCA. 
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With reference to Fig. 6, the overall system of a 
cipher software unlatching system, narrowed down to the 
operations of password issue, cryptocommunication, and 
orderer certification, will be described. The steps in 
5 a press factory are nearly the same as in Fig* 1, so the 
original disk 800 and the completed disk 809 are not 
shown. 

In a press factory 811, a cipher encoder 812 
enciphers the data in the plaintexts 810 of the first to 

10 the '1- m'th contents or scrambles the picture signals 
therein with the first to '1- m'th cipher keys 813, 
respectively. The data or the signals are then recorded 
on an original optical disk 800. Disk- like substrates 
809 are pressed from the original disk 800. After a 

15 reflecting film is formed on each substrate 809, the two 
disk- like substrates are laminated together. Thereafter 
a completed disk 809 is made. Recorded in the BCA areas 
814 of completed disks 809 are different IDs 815 and/or 
first cipher keys 816 (public keys) and/or second cipher 

20 keys 817 (public keys) and second computer connection 
addresses 818 so as to make disks 801 each with a BCA. 
The disks 801 are distributed to users* 

The contents of these disks have been enciphered. 
Therefore, in order to reproduce the contents of each to£ 

25 the disks, it is necessary to get a password from a 
password issue center, an electronic shop or a mall, by 
paying a charge. That procedure will be described next. 

In a user's first computer 909, if a reproducer 819 
reproduces a distributed disk 801 with a BCA, a BCA 

30 reproduction part 820 including a PE-RZ demodulation part 
reproduces the data of the ID 815, first cipher key 816, 
second cipher key 817 and/or connection address 818. In 
order to get a password, the connection address 818 of 
the second computer 821a, which is the server of a 

35 password issue center 821, is accessed through a 
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communication part 822 via the Internet or another 
network 823, and the ID is transmitted to the second 
computer 821a. 

Here, the cryptocommunication procedure will be 
5 described. The second computer 821a receives the ID 815 
from the user's reproducer 819. Then, the second 
computer or server 821a of the password issue center 821, 
which is called a 'mall' or an 'electronic shop' has a 
cipher key database 824. This database contains a table 

10 of the secret keys which are the decoding keys 
corresponding to the disks' own IDs or the first cipher 
keys 816 of the IDs, that is the first decoding keys 825 
and the IDs . The server can therefore search for the 
first decoding key 825 based on the received ID. Thus 

15 cryptocommunication is completed from the first computer 
to the second computer 821a. In this case, if the first 
cipher key and first decoding key are common keys of a 
common key cipher, not of an public key cipher, they are 
the same key. 

20 If the user wants to use part of the enciphered 

contents stored on the disk 801, which may be 1,000 in 
number, for example, the content number 826 of which is 
'n't the user sends to the second computer 821a the 
cipher which is the content number 826, that is, 'n' 

25 enciphered with the public key which is the first cipher 
key 816 by the first cipher encoder 827 composed of 
public key cipher functions. The second computer 821a 
searches for the first decoding key 825 for decoding this 
cipher as stated above. It is therefore possible 

30 securely to convert this cipher into plaintext. Thus, 
the cipher protects the privacy of the user's order data. 

In this case, a signature may be made by means of 
the secret key of the public key cipher as the first 
cipher key 816. This method is called 'digital 

35 signature' . For a detailed explanation of the operation 
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of * digital signature', see, for example, 'Digital 
Signature of E-Mail Security by Bruce Schneider 1995' . 

Back to the cryptocommunication, the cipher is sent 
through the communication part 822 and network 823 to the 
5 first cipher decoder 827 of the password issue center 
821. Thus the first cipher decoder 827 decodes the 
cipher by means of the first pair cipher key 825 pairing 
with the first cipher key 816 • 

In this case, because only the one disk has the 
10 public key, it is possible to reject invalid orders from 
third parties' disks. In other words, because each disk 
can be certified, it is possible to certify the user who 
y owns the disk. It is thus certified that the content 

number 'n' represents a particular individual's order, 
CP 15 It is therefore possible to exclude invalid orders of 
f\ third parties. 

j If the public key 816 is secret, this method can 

technically be used to send a credit card number, or 
other accounting data which requires high security, 
yy 20 Generally shops called 'malls' however, do not settle 
users' accounting data electronically, because there is 
|5 no guarantee of security. Only the accounting centers 

828 of credit card companies, banks and the like can deal 
with users' financial data. Presently, security 
25 standards such as secure electronic transaction (SET) are 
being unified, so it is probable that Rives t, Shamir and 
Adleman (RSA) 1024 bit public key ciphers will be used 
and the encipherment of financial data will be possible. 
Next, the accounting data cryptocommunication 
30 procedure of the present invention will be shown. Pirst, 
by using the second cipher key 817 of the public key 
cipher reproduced by the BCA reproduction part 820, the 
second cipher encoder 831 enciphers the accounting data 
830 such as an individual's credit card number with a 
35 public key system cipher such as RSA. The enciphered 
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data is sent from the communication part 822 through the 
second computer 821 to the cipher decoder 832 of the 
third computer 828* In this case, if there is a' v need for 
digital signature, the secret key 829 is used as the 
5 second cipher key 817. 

Similar to the procedure for the cipher key of the 
second computer 821a of the password issue center 821 , it 
is possible to search the cipher key database 824a for 
the second decoding key 829 corresponding to the ID or 

10 the second cipher key 817* By using this decoding key 
829/ the second cipher decoder 832 can decode the 
enciphered accounting data. 

Xf a digital signature is made by the second cipher 
encoder 831 with the secret key 829/ the user's signature 

15 can be confirmed in the second cipher decoder 832* The 
accounting center 828 can thus get the user's credit card 
number, bank card number, bank password, or other 
accounting data safely even via the Internet. Xn open 
networks such as the Internet, security comes into 

20 question* By means of this system, however, it is 
possible to make cryptocommunication or certification 
without fault, because the cipher key (public key) for 
cryptocommunication or the secret key for digital 
signature has been recorded in the BCA. It is therefore 

25 possible to prevent third parties' unauthorized 
accounting and orders* In addition, because it is 
possible to use various public keys for different disks, 
that is, different users, the confidentiality of 
communication is improved, and the possibility of users' 

30 accounting data leaking to third parties is reduced* 

Referring back to Fig* 6, the procedure for issuing 
a password and the procedure for unlatching with a 
password will be explained. The password issue center 
821 includes a password generation part 834 with an 

35 operation expression of public key ciphers etc. Part 834 
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generates a password on the basis of three data fields, 
namely, the ID, the content number which the user wants 
to unlatch, and the time data representing the period of 
use allowed. The generated password is sent to the first 
5 computer 909* In the simplest structure example , the 
second computer enciphers with the public key for the 
public key cipher the data which is a mix of the decoding 
key disk ID for releasing the cipher of the '1- n'th 
content and the timing data, prepares at the password 

10 generation part 834 the '1- n'th password 834a which is 
a mix of secret keys for unlatching the enciphered data, 
and sends this password 834a to the first computer 909* 
The first computer 909 receives the '1- n'th password, 
and decodes with the secret key the mixed keys of the 

15 disk ID, the timing data and the '1- n'th content. Here, 
the password operation part 836 checks the ID 835a of the 
BCA reproduced from the disk, the present second timing 
data 835b, the allowed ID 833a and the first timing data 
833, and operates to determine if they coincide. If they 

20 do coincide, they are allowed. The '1- n'th decoding key 
836a is output to the cipher decoder 837, The cipher 
837a of the '1- n'th content is decoded. The '1- n'th 
content 838 then is output. The period of output is 
limited to the time during which the first timing data 

25 833 and second timing data 835b coincide. The password 
operation part 836 of the first computer 909 computes 
three data fields, which are the ID, the password 835 and 
the timing data from the clock 836b representing the 
present time. If the ID and timing data are correct, the 

30 correct decoding key is output as the result of the 
computation. Therefore, the cipher decoder 837 decodes 
or descrambles the '1- n'th cipher, outputting the 
plaintext data of the '1- n'th content 838, or a 
descrambled picture signal or audio signal. 
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In this case, if the second timing data 835b of the 
clock 836b does not coincide with the first timing data 
838 of the password, the cipher is not correctly decoded 
and therefore not reproduced. If timing data is used, it 
5 can be applied to time-limit type rental systems, so that 
a movie can be reproduced for only three days during a 
rental period. 

While Pig. 6 shows the procedure in a block diagram, 
the flowcharts of the procedure will be explained later 

10 with reference to Figs. 16 - 23. 

Next, the system for the cipher key will be 
described. By putting, as shown in Fig. 7a, both the 
first cipher key 816 and second cipher key 817 in the 
BCA, it is possible to provide two securities, for a 

15 commodity deal with a shopping mall and an account 
settlement with an ' accounting center' . 

In this case, with respect to the security with an 
accounting center, it is planned to unify standards such 
as SET, so that an RSA 1024, that is 128 byte cipher key, 

20 will be stored in the second cipher key area 817a. Then, 
because the BCA has only 188 bytes, only 60 bytes remain 
for the cipher key for dealing with a shopping mall. An 
elliptic function system public key cipher is a cipher 
function which is 20 bytes in magnitude and which has a 

25 security level equal to that of 128 bytes of RSA 1024. 

An elliptic function is used in the first cipher key 
area 816a of the present invention. An elliptic function 
can obtain 20 byte security, which is equivalent to RSA 
1024. Therefore, by using an elliptic function, it is 

30 possible to store both the first cipher key 816 and 
second cipher key 817 in the 188 byte BCA area. 

By applying a BCA to an optical ROM disk, as stated 
before, it is possible to record a disk's own ID number, 
the first and second cipher keys, and a connection 

35 address. In this case, if the Internet is used, a mall 
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Is accessed automatically, and merely by distributing 
disks with cipher keys recorded in the BCAs, security is 
possible for distribution of commodities by releasing the 
ciphers of contents/ certification and keeping secret 
purchase of goods, certification and keeping secret when 
accounts are settled, and the like* Therefore, the 
method of cryptocommunication of the present invention 
can, without lowering security, omit and rationalize the 
conventional operations of using IC cards, floppy disks 
and/ or letters to distribute ZDs and/or cipher keys to 
users ♦ This is a great advantage* Furthermore, a URL, 
which is an Internet connection address, is not fixed, 
but changeable. The URL is recorded in the original 
disk, and may be accessed* It is, however, not efficient 
from the points of view of time and cost to vary the 
original disk when a URL change is made. By having 
recorded the changed URL in the BOA, and connecting the 
BCA connection address 931 instead of the connection 
address of the original disk only if the connection 
address 931 is reproduced from the BCA, it is possible to 
access the changed address 931 without preparing a new 
original disk* 

Fig* 6 shows a case where the first key of the 
public key and the first key of the public key have been 
recorded in the BCA* 

Fig* 8 shows two diagrams, in one of which the first 
cipher key 816 of the public key and the third decoding 
key 817a of the secret key have been recorded in the BCA* 
In the other diagram, a cipher key is produced for 
cryptocommunication* Because the procedure is similar to 
that of Fig. 6, only different points will be described. 
First, in a press factory, the first cipher key 816 and 
third decoding key 817a are recorded in the BCA. The 
third decoding key 817a is used to receive the cipher 
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enciphered with, the public key from an accounting center. 
In this case, the reception security is improved. 

First, with reference to Fig* 8, a more specific 
example of cryptocoxnmunication where a cipher key is 
5 generated will be described* Because the first cipher 
key 816 is a public key, it is necessary to record the 
third decoding key 817a for reception in the BCA. But 
the BCA has a small capacity. In addition, the public 
key needs processing time. Therefore, in Fig* 8, the 
10 cipher key generation part 838a of the first computer 836 
generates a pair of a cipher key and a decoding key for 
the public key or a common key by means of a random 
number generator or the like. An example of the common 
i§ key will be described. A common key K 838 is enciphered 

■|J 15 with the first cipher key 816 and first cipher encoder 

842, and sent to the second computer 821a. The second 
ly computer uses the main decoding key 844 to convert this 

cipher into plaintext by means of the main cipher decoder 

843, obtaining a common key K 838a. Because both have 
9 20 the common key K, it is possible to make 

cryptocommunication from a shop to a user, that is, from 
the second computer 821a to the first computer 836 by 
delivering the common key K to the second cipher encoder 
842a and second cipher decoder 847a. Naturally, it is 

25 also possible to make cryptocommunication from the user 
to the shop, that is, from the first computer 836 to the 
second computer 821a by delivering the common key K to 
the second cipher encoder 827a and second cipher decoder 
845a. The effects of the method of recording in the BCA 

30 the first cipher key which is a public key and generating 
a cipher key will be stated. First, it is necessary only 
to record the first cipher key, so that the recording of 
the decoding key can be omitted. Therefore, the small 
capacity of the BCA is not reduced. Second, because the 
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decoding key is recorded in the BCA, the security is 
improved. The common key may be changed each time* 

Because of the short operation time, the processing 
time is short* In this case, if the cipher key 
5 generation part 838a has generated a pair of a cipher key 
and a decoding key of a public key cipher, not a common 
key, it is possible to make the security higher than that 
with the common key, though the processing time is 
longer, by cryptically sending the cipher key to the 

10 second computer 821a, using this key as the cipher key of 
the second cipher encoder 842a, and using the decoding 
key as the decoding key of the second cipher decoder 847. 
If the performance of the processing CPU is high, it is 
preferable that the public key be use<i. If a new public 

15 key is generated, only the public key for the first 
cipher key is recorded in the BCA, so that no problems of 
security arise. No capacity of the BCA is consumed 
either. In addition, because it is not necessary to 
change the cipher key, maintenance is easy. 

20 This time, if the common key K 838 is defined at the 

second computer 821a of the password issue center 821, 
the common key is enciphered with the third cipher key 
839 by the third cipher encoder 840, and sent to the 
personal computer 836. By using the third decoding key 

25 837 which is the secret key reproduced from the BCA, the 
third cipher decoder 841 of the personal computer 836 
makes a translation into plaintext to obtain a common key 
K 838b. In this case, because only this user has the 
third decoding key 817a which is the secret key, it is 

30 possible to prevent the contents of communication from 
the center to the user from leaking to third parties. 
The format of this case is shown in Pig. 7b. If an 
elliptic function is used, the third decoding key 839b 
may be 20 bytes, and can therefore be stored in the BCA. 
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Pig. 9 shows a system for reducing the costs of 
preparing an original disk by using a BCA in an 
encipherment disk* 

If there is a number 'n' of, for example, 1,000 

5 plaintext contents 850, the cipher encoder 852 enciphers 
them with the first to the 'm'th cipher' keys 851, 
respectively. The ciphered first to the 'm # th contents 
853, the decoding program 854a for the first to 'm'th 
contents, and the second cipher decoder 861a, which is 

0 the program for decoding the second cipher, are recorded 
as pits in an original disk and then molded into a 
substrate, and a reflecting film is formed* Thereafter, 
two substrates are laminated together to complete an 
optical disk 801. The second cipher encoder 860 

5 enciphers the decoding data 854 such as the password for 
unlatching the '1- n' th, for example, the first content, 
and the decoding key. Recorded in advance in the BCA of 
the first disk are the disk's own identification data, 
that is, the ID 855 and the second cipher which is the 

0 enciphered decoding data. Then, in the reproducer, the 
second cipher is reproduced from the BCA reproduction 
part 820. The second cipher decoder 861 is reproduced 
from the data reproduction part 862, which reproduces the 
ordinary recorded data other than the BCA. Therefore, 

5 the second cipher decoder 861 is used to decode the 
second cipher, reproducing the ID 855a and '1- n'th 
password 854a. The cipher decoder 855b uses the decoding 
program 854a for the '1- n'th content reproduced from the 
data reproduction part 862, and uses the ID 855a and 

0 password 854a to decode the first cipher, obtaining the 
plaintext 855c of the 'l- n'th content and the 
identification data 855a. For a personal computer, the 
content and ID are recorded on the hard disk 863. This 
ID 855a checks to determine if there is no same ID on a 

5 network when the program has started, and the ID 855a 
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actuates the network protection* It is therefore 
possible to prevent the software from being illegally 
installed* This is yet another advantage of the present 
invention. For example, if 1,000 enciphered contents are 

5 stored and decoding data such as a password corresponding 
to a particular software application are recorded on an 
original disk, this is equivalent in substance to the 
preparation of an optical ROM disk for a particular 
content* It is possible to obtain with one original disk 

10 the same effect as in the case where original disks for 
1,000 kinds of software are cut* It is therefore 
possible to reduce the costs and time or labor for 
preparing an original disk* 

Described with reference to Fig. 10 is the procedure 

15 for enciphering contents with a BCA when recording them 
on a RAM disk* First, the BCA reproduction part 820 
reproduces the BCA data from the RAM disk 856, outputs an 
ID 857, and sends it through the interfaces 858a and 858b 
and the network to the encipherment part 859* The cipher 

20 encoder 861 of the encipherment part 859 enciphers 
contents 860 or scrambles picture and sound signals by 
means of a key including the ID 857* The enciphered 
contents are sent to the recorder/reproducer, where the 
recording circuit 862 records them on the RAM disk 856* 

25 Next, when this signal is reproduced, the data 

reproduction part 865 demodulates the main data to 
reproduce the enciphered signal, and the cipher decoder 
863 decodes the reproduced signal. The BCA reproduction 
part 820 reproduces data containing the ID 857 from the 

30 BCA area of the RAM disk 856* The reproduced data is 
sent as part of the key to the cipher decoder 863. If 
normally copied, the cipher key recorded in the RAM disk 
is a normal disk ID* The RAM disk ID, also, is a normal 
disk ID. Therefore, the cipher is decoded or descrambled 

35 to output the plaintext 864 of the '1- n'th content* For 
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a graphic data, for example, the MPEG signal is extended 
to obtain a picture signal. 

In this case, the disk ID is the key for 
encipherment • Because each disk is unique, it can be 
5 copied on only one RAM disk* 

If a disk ID is copied from a normal RAM disk to 
another RAM disk, IDl which is the original normal disk 
ID differs from ID2 which is the disk ID of the other, 
unauthorized, RAM disk* If the BOA of the unauthorized 

10 RAM disk is reproduced, ID2 is reproduced. The contents 
are ciphered with IDl, however, so that, even if 
unlatching is attempted with ID2 at the cipher decoder 
863, the cipher is not decoded because the key differs. 
Thus, the signal of the illegally copied RAM disk is not 

15 output, so that the copyright is protected. The present 
invention uses a disk ID system. Therefore, by 
reproducing with any drive the normal RAM disk copied 
normally only once, it is possible to unlatch the cipher. 
The encipherment part 859 may, in place of the center, be 

20 an IC card with a cipher encoder. 

With reference to the block diagram of Fig. 11 and 
the flowchart of Fig, 12, the method of preventing 
copying will be described. At Step 877a, the 

installation program is actuated. At Step 877b, the BCA 

25 reproduction part 820 outputs the ID of the auxiliary 
data from the laminated optical disk 801. At Step 877d, 
the data reproduction part 865 reproduces the contents 
and network check software 870 from the main data. The 
contents and the ID 857 are recorded on the HDD 872, At 

3 0 Step 877c, the ID 857 is encoded with a particular secret 
cipher so as not to be altered illegally, and is recorded 
as a soft ID in the HDD 857. Thus, the soft ID 873 is 
recorded together with the contents on the HDD 872 of a 
personal computer 876. Here described is the case where 

35 the program is started at Step 877f of Fig, 12, When the 
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program is started, the procedure goes to Step 877g, 
where the soft IB 873 of the HDD 872 is reproduced, and 
the soft XD 873a in the HDD 872a of another personal 
computer 876a on a network 876 is checked through the 
5 interface 875* At Step 877h, a check is made to judge if 
the soft ID 873a of the other personal computer and the 
soft XD 873 are the same number* If so, the procedure 
goes to Step 877 j, where the start of the program of the 
personal computer 876 is stopped or a warning message is 

10 displayed on the screen. 

Xf the soft XD 873a of the other personal computer 
and the soft XD 873 are different, the contents are not 
installed in the plurality of the computers on the 
network* Xt is therefore decided that there are no 

15 illegal copies. Then the procedure goes to Step 877k, 
where the start of the program is permitted. In this 
case, the soft ID 873 may be sent to other personal 
computers through the network. This personal computer 
can detect illegal installation by checking duplication 

20 of the soft IDs of the personal computers. Xf there is 
illegal installation, a warning message is sent to the 
appropriate personal computer/s. 

Thus, by recording the XD in the BCA, and recording 
the network check program in the pit recording area, it 

25 is possible to prevent multiple installation of the 
software of the same ID on the same network. In this 
way, simple protection from illegal copies is realized. 

By, as shown in Pig. 13a, applying a write (writing) 
layer 850 of white material, on which characters or the 

30 like can be written, it is possible to not only print 
characters and write a password or the like with a pen, 
but also prevent the substrates of the optical disk from 
being damaged because the write layer 850 thickens. The 
disk ID 815, which is part of the BCA data 849 recorded 

35 by trimming in the BCA area 801a above the write layer 
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850 , Is translated into plaintext* The plaintext is 
converted into alphanumeric characters 851 . By printing 
the characters 851 and general bar code 852, it is 
possible for the store and/or user to confirm and/or 
5 check the ID with a POS bar code reader and/or visually, 
without reading the BCA with a reproducer. The visible 
ID is not necessary if the user informs the center of the 
ID through a personal computer. If, however, the user 
communicates the ID aurally by telephone to the center, 

10 it is possible to inform the center of the ID without 
inserting the disk in a personal computer, by printing 
the ID identical with the BCA ID in visible form on the 
disk, because the user can visually read the ID. With 
reference to the flowchart of Fig. 13c, the steps for 

15 making an optical disk will be explained. At Step 853d, 
disks are molded from an original disk, and substrates in 
which pits have been recorded are made. At Step 853e, 
aluminum reflection films are made. At Step 853 f, two 
disk substrates are laminated with an adhesive so that a 

20 DVD disk or the like is completed. At Step 853g, a label 
is printed by screen printing on one side of each disk. 
At this step, the original disk's own identification data 
is recorded in the form of a bar code. At Step 853h, an 
ID and/or other identification information is printed in 

25 the format of a bar code for POS on each disk by an ink 
jet bar code printer or a thermal - transcription bar code 
printer or the like. At Step 853i, the bar code is read 
by a bar code reader. At Step 853 j, a BCA data 
corresponding to the identification data is recorded in 

30 the second recording area of the disk. According to this 
method of manufacturing, the BCA data is recorded after 
all the steps including the POS bar code and excluding 
the BCA are finished and then the disk identification 
data is confirmed. The BCA can be read only by 

35 reproducing the disk, but the POS bar code, which is low 
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in density, can be read by a commercial bar code reader. 
The disk ID can be discriminated at every step in the 
factory. By recording the disk ID in the form of a POS 
bar code before the BCA trimming, it is possible to 
almost completely prevent the BCA and the POS bar code 
from being illegally recorded. 

The method of using a BCA will be stated by which 
secondary recording and tertiary recording, too, can be 
made by the BCA method. As shown at Process 2 in Fig. 
15, a software maker can also secondarily record a 
pirated edition prevention mark and a check cipher. At 
Process 2, disks 944b may be made in which different ID 
numbers and/or cipher keys for secret communication with 
users have been recorded. It is possible to replay the 
disks 944c and 944d without entering the passwords. 

For another application, at Process 3, an enciphered 
or scrambled MPEG picture signal and/or other data is 
recorded on a disk 944e. The operation of the MPEG 
scramble will not be explained in detail. At Process 4, 
the software company makes a disk 844 f in which a 
sub-public key for decoding the ID number and the 
scramble release data have been BCA -recorded secondarily. 
It is not possible to replay this disk solely. At 
Process 5, the selling store, after receiving the money 
for the disk, makes a password with the sub* secret key 
paired with the sub-public key, and records it tertiarily 
on the disk. Alternatively, a receipt on which the 
password has been printed is given to the user. 
Thereafter, the password has been recorded in the disk 
844g, so that the user can replay it. This method 
prevents a disk not paid for from being replayed 
normally, even if the disk is shoplifted, because the 
scramble of the image is not released. As a result, 
shoplifting renders a useless product and thus decreases. 
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If a password is BCA- recorded permanently in a 
rental video store or another store, a shoplifted disk 
can be used* In this case, as shown at Process 6, the 
BCA is read by a POS bar code reader in the store* A 
5 password for releasing the- scramble is issued at Step 
951g, printed on the receipt at Step 9511, and handed to 
the customer at Step 951 j. The cue t osier enters, at Step 
951k, the password on the receipt in a player with 
numeric keys at his/her house* At Step 951p, the disk is 

10 replayed for a predetermined number of days. If a user 
rents a disk, given a password for only part of the 
software in the disk, and when he/she wants to view other 
part of the software, he/she can replay it by being 
informed of the password for this part by telephone at 

15 Step 951u, and entering the password at Step 951k* A 
rental video store has been shown as an example • When a 
piece of enciphered software for a personal computer is 
sold at a personal computer software store, the password 
may be printed by a POS terminal and handed to the buyer. 

20 The operations of Processes 5 and 6 in Fig. 15 at a 

selling or rental store will be explained in more detail 
with reference to Fig. 14. A selling store receives an 
enciphered and/or scrambled disk 944 f from the software 
maker. After the store confirms its receipt of money 

25 from a user, it sends from its bar code recorder 945 the 
ID number of the disk 944f and the data on the sub-public 
key via its POS terminal 946 to the .password issue center 
952. For a small-scale system, the password issue 
center, that is, the system including the sub- secret key 

30 of the sub-public key may exist in the POS terminal. The 
password issue center inputs the disk ID number and the 
time data at Step 951q, computes them at Step 951s, 
enciphers them with the sub-secret key at Step 951t, 
issues a password at Step 951g, and sends it through the 

35 network 948 and POS terminal 846 to the BCA bar code 
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recorder 945. Then the recorded disk 944g is handed to 
the customer. The disk 944g can be replayed as it is. 

For rental stores and personal computer software 
stores, ROM disks 944f the ciphers and/or scrambles of 
which have not been released are displayed in stores. If 
a customer designates a particular ROM disk 944f , the bar 
code of the reflection layer by the non-reflection part 
915 of the disk 944f is read, so that the disk ID number 
is read, by a person holding a circular bar code reader 
950 with an integrated rotary optical head 953 for 
spirally scanning, and pressing it on the center of disk 
900 in a transparent case. By printing the commodity bar 
code of the disk ID as shown at 852 in Pig. 13, it is 
possible to read the code with an ordinary POS terminal 
bar code reader. Alternatively, the pressed circular bar 
code recorded in advance on the original disk may be 
read. These data including the disk ID are processed by 
the POS terminal 946. The charge is settled by credit 
card. The password issue center issues, at Step 951g, a 
password associated with the ID number as stated above. 
For rental use, a password is made by enciphering the 
disk ID number with date data added as used at Step 951r 
in order to limit the number of days for which the disk 
can be replayed. For this password, the disk can operate 
on only particular days. It is therefore possible to set 
a rental period, which may be three days, for instance, 
in the password. 

The thus issued password for descrambling is printed 
at Step 951i together with the date of rent, the date of 
return and the rental title charge on the receipt 949, 
and handed with the disk to the customer. The customer 
takes the disk 944 j and receipt 949 home. At step 951k, 
the customer enters the password with the ten-key input 
part 954 of the first computer 909 in Fig. 6, so that the 
password 835 is computed with the ID number 835a and 
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input into the cipher decoder 837. Then, the password is 
converted into plaintext by means of the decoding key. 
Only if the password is correct, will the cipher decoder 
837 descramble the program data and supply image output. 
5 In this case, if the password includes time data, 

the data is checked with the date data of the clock part 
836b. The password is descrambled for the coincident 
dates. The inputted password is stored together with the 
associated ID number in the nonvolatile memory 755a of 
10 the memory 755. Once the user enters the password/ it is 
descrambled without being entered again. It is thus 
possible to lock and unlock the disk electronically in 
distribution. 

With reference to Fig. 16/ the method of decoding 

15 the software of a disk which has been recorded as cipher 
data will be explained in detail. 

Step (Process) 865 represents the overall flow of 
distribution of cipher data and individual IDs to users. 
First, at Step 865a # a number 'm' of data enciphered with 

20 the secret first cipher key and a program for decoding 
the enciphered data are recorded in the ROM area of an 
original disk. At Step 865b, substrates are molded from 
the original disk, and then the substrates with 
reflection films added thereto are laminated in pairs to 

25 make completed ROM disks. At Step 865c, the decoding 
data (the disk identification data different for the 
pressed disks, respectively, and/or the decoding key for 
the cipher data) necessary to decode the enciphered data 
is recorded in the auxiliary recording area (called BCA) , 

30 which cannot be rewritten, of each completed disk by a 
method of modulation different from that for the ROM 
area. At Step 865d, a user replays the distributed disk, 
selects a desired enciphered data 'n' , and starts the 
decoding process. At Step 865e, the user's first 

35 computer reproduces the enciphered data and the decoding 
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program from the ROM area, and reads the decoding data 
from the auxiliary recording area (BCA) . If , at Step 
865f, the second decoding data is not obtained on-line, 
then, at Step 871a of Fig. 17, the ID and/or other 

5 auxiliary decoding data are displayed on the screen* At 
Step 871b, the user obtains the second decoding data such 
as the password associated with the ID, and enters it 
into the first computer. Carried out at Step 871c is a 
particular operation of an open-key cipher function with 

10 the disk identification data, the second decoding data, 
and the enciphered data 'n' If, at Step 871d, the result 
is correct, then, at Step 871f, the '1* n'th data is 
translated into plaintext, so that the user can make the 
software of the data 'n' operate. 

15 Next, with reference to the flowchart of Fig. 18, 

the method of cryptocommunication essential to the 
Internet and/or the like using a BCA will be described. 
Step (Process) 868 is the routine of the method of 
distributing the communication program and cipher key for 

20 communication to users ♦ First, at Step 868a, at least 
the communication program and/or connection data are 
recorded in the ROM area of an original disk. At Step 
868b, substrates are molded from the original disk, and 
the substrates are laminated in pairs to make completed 

25 ROM disks. At Step 868c, the disk Identification data 
different for the pressed disks, respectively, and the 
cipher key for cryptocommunication are recorded in the 
non-rewritable auxiliary recording area (BCA) of each 
completed disk. According to circumstances, the 

3 0 connection address of the second computer and/or the 
decoding key for cryptocommunication is recorded by a 
method of modulation different from that for the ROM 
area. At Step 868d, the user's first computer reproduces 
the communication program and the decoding program from 

35 the ROM area, and reads the disk identification data and 
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the cipher key for communication from the auxiliary 
recording area* The process continues at Fig* 19* At 
Step 867a, it is judged if there is a connection address 
in the BCA area* If yes, the second computer is 
accessed, at Step 867b, on the basis of the connection 
address such as the BCA area URL* Xf there is no 
connection address, the computer of the connection 
address in the ROM area is accessed at Step 867c* At 
Step 867d, the transmit data is input* At Step 867e, it 
is judged if there is a cipher ktfy for 
cryptocommunication in the BCA area* If so, the transmit 
data is enciphered, at step 867g, with the cipher key for 
cryptocommunication in the BCA area to make a third 
cipher* Xf not, the data is enciphered, at step 867f, 
with the cipher key for cryptocommunication in the ROM 
area or HDD to make a third cipher * 

In Fig* 20, Step (Process) 869 represents the 
routine of generating a decoding key for the cipher 
received from the second computer 910* First, at Step 
869a, the first computer judges if a decoding key for 
communication is necessary* If necessary, the process 
goes to Step 869b, where a check is made to judge if 
there is a decoding key for communication in the BCA* If 
there is no decoding key, the process goes to Step 869c, 
where a pair of second cipher key for communication and 
second decoding key for communication is generated newly 
with the program for generating the cipher key/decoding 
key reproduced from the ROM area, by the user keying or 
with data from a random number generator and the second 
encoder reproduced from the ROM area* At Step 869d, a 
fourth cipher is made which is the second cipher key for 
communication and/or the user data enciphered with the 
cipher key for communication recorded in the BCA and the 
encipherment software reproduced from the ROM area* At 
Step 869e, the fourth cipher and the disk identification 
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data and/or the user address are sent to the second 
computer of the connection address reproduced from the 
disk. The process of the second computer includes Step 
869f, where the fourth cipher, the disk identification 
5 data and the user address are received. At Step 869g, 
the decoding key for communication paired with the disk 
identification data is selected from the decoding key 
data base, and the fourth cipher is decoded with the 
selected key to obtain the plaintext of the second cipher 

10 key for communication* At Step 869h, the fifth cipher 
which is the server data including part of the user data 
and enciphered with the second cipher key for 
communication is sent through the Internet 908 to the 
first computer. At Step 869i, the fifth cipher (and disk 

15 identification data) is (are) received, and decoded with 
the second decoding key for communication and the 
decoding function recorded in the ROM area to obtain the 
plaintext of the server data. In this way, the method of 
Step 869 in Fig. 20 realizes two-way cryptocommunicatlon 

20 between the first and second computers. 

In Fig. 21, Step (Process) 870 represents the 
routine of receiving accounting data. If, at Step 870a, 
the accounting data is input, the third cipher key of the 
public key cipher for accounting communication is 

25 requested from the second computer. At Step 870b, the 
second computer requests the third cipher key from the 
third computer. The third computer 911 sends the ID and 
third cipher key to the second computer, though the 
exchange step is omitted. At Step 870c, the second 

3 0 computer receives the ID and third cipher key. At Step 
870e, the seventh cipher which is the third cipher key 
enciphered with the second cipher key for communication 
and/or the like is sent to the first computer. The first 
computer receives the seventh cipher at Step 870f. At 

3 5 Step 870g # the received seventh cipher is decoded with 
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the second decoding key for communication so as to obtain 
the third cipher key (public key of public key function) . 
At Step 870h, the third cipher key is recorded on the HDD 
according to circumstances. This is used for the next 
5 transmission. At Step 870i, it is judged if a credit 
card number, a password for settlement and/or other 
secret accounting data are input. At Step 870 j, the 
eighth cipher which is the accounting data enciphered 
with the third cipher key is sent via the second computer 

10 to the third computer. At Step 870k, the second computer 
receives the eighth cipher and transfers it again to the 
third computer. Only the third computer 912, which is, 
for example, at a banking institution, has the decoding 
key for the third cipher, so that the second computer, 

15 which is an electronic store, cannot decode it. At Step 
870m, the third computer determines from the cipher key 
data base the third decoding key associated with the 
third cipher key by using identification data on the disk 
and/or the like, and decodes the eighth cipher with the 

20 third decoding key, which is the secret key of the public 
key cipher, so as to obtain the plaintext of the 
accounting data. At Step 87 On, a check is made to judge 
from the user's credit data, deposit remains and/or other 
banking data whether the money can be received. At Step 

25 87 Op, the third computer informs the second computer of 
the result of the search. The second computer, which is 
an electronic store, judges at Step 870q if the money can 
be received. if not, the process goes to Step 870r, 
where the article and/or the key for decoding the cipher 

30 software is not sent. If the money can be received, for 
a key provision system as shown in Pig. 16, the process 
goes to Step 870s, where the cipher software decoding 
key, that is, the article is sent via Internet 908 to the 
user's second computer. At Step 870t, the first computer 

35 receives the cipher software decoding key. At Step 870u, 
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the cipher of the '1- n'th enciphered software is 
released. At Step 870w, the plaintext of the software is 
obtained. In this way, a content key provision system is 
realized. 

The method of Step 870 in Pig. 21 requests the third 
computer, that is, a banking institution to issue 
according to the need a public key for the third cipher 
key, which needs high security for accounting data. It 
is not necessary to record the public key in the BCA in 
advance. It is therefore possible to use for the third 
cipher key a stronger RSA system cipher key of 256 bytes 
of RSA2048 without consuming the BCA capacity. Further, 
because there is no need for recording in the BCAs of all 
disks in advance, the total of the issued third cipher 
15 keys decreases, and the computer CPU time taken to 
compute the third cipher keys decreases. In addition, 
because the third ciphers do not exist in the BCAs, they 
are not opened, so that the security is improved. In 
this case, the role of the BCA is, as shown in Figs. 19 
and 20, to record the identification data of a secret 
communication disk by means of the cipher key of the 
RSA1024 grade. Only one BCA disk realizes 

cryptocommunication with the second computer, so that the 
effect is high. 

With reference to Fig. 22, step (Process) 872 of 
cryptocommunication in a case where the cipher key and 
the decoding key both for communication have been 
recorded in the BCA will be described. At Step 872g, the 
first computer 909 sends to the second computer 910 the 
ninth cipher which is the user data enciphered with the 
cipher key for communication reproduced from the BCA, the 
basic Identification data recorded in the ROM area when 
the original disk was made, and the disk identification 
data recorded in the BCA area. At Step 872b, the second 
35 computer receives the ninth cipher, the disk 
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identification data and the basic identification data. 
At Step 872c, the decoding key for communication paired 
with the disk identification data from the decoding key 
data base is retrieved/ and the ninth cipher is decoded 
to obtain the plaintext of the user data. At Step 872 e, 
the second cipher key associated with the disk 
identification data is selected from the cipher key data 
base* In addition, the second computer sends to the 
first computer the tenth cipher which is the server data 
enciphered with this second cipher and the third cipher 
key received from the third computer by the procedure 
described in Pig. 21 and enciphered with the second 
cipher. The first computer receives the tenth cipher at 
Step 872f . At Step 872g, the received seventh cipher is 
15 decoded with the second decoding key for communication 
recorded in the BCA, to obtain the plaintext of the 
server data and the third cipher key (public key of the 
public key function) . At Step 872h, according to the 
need, the third cipher key is recorded on the HDP. At 
20 Step 872 i, it is judged if the accounting data is input. 

If so, the process goes to Step 872 j, where the eleventh 
cipher which is the accounting data enciphered with the 
third cipher key is sent via the second coxaputer to the 
third computer. At Step 872m, the second cosputer sends 
25 the eleventh cipher again to the third computer. At Step 
872m, the third computer determines from the third cipher 
key data base, the third cipher key paired with the 
identification data on the disk and/or the like, and 
decodes the eleventh cipher to obtain the plaintext of 
30 the accounting data. At Step 872n, the possibility that 
the money can be received from the user is checked. At 
Step 872p, the result of the search is sent to the second 
computer. At Step 872q, the second computer checks to 
judge if the money can be received from the user. If so, 
35 for a key provision system as shown in Pig. 16, the 
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process goes to Step 872s, where the cipher software 
decoding key, that is, an article is sent via the 
Internet to the user's second computer. At Step 872t, 
the first computer receives the cipher software decoding 

5 key. At Step 872u, the cipher of the '1- n'th enciphered 
software is released. At Step 872w, the plaintext of the 
software is obtained* In this way, a content key 
provision system is realized. 

The merit of the effect of the method of Step 872 in 

0 Pig. 22 is that, because both the cipher key and the 
decoding key are recorded in the BCA area, it is not 
necessary to transmit the decoding key and/or the cipher 
key necessary for reception from the second coxaputer. 
The maximum BCA capacity is 188 bytes. A public key 

5 and/or another cipher function needs only 128 bytes, and 
can therefore be recorded. Further, it is possible to 
bidirectionally encipher the grade in RSA512. Because 
seven or eight elliptic functions can, as shown in Fig. 
7, be stored, elliptic functions are more effective. 

0 With reference to Fig. 23, the operation and effect 

in a case where the first and third cipher keys have been 
recorded in the BCA in advance will be explained. 
Because Steps 872a through 872w in Fig. 22 are nearly 
identical with Steps 873a through 873w in Fig. 23, only 

5 the different steps will be explained. 

The third cipher key for protecting the security for 
accounting data and/or other banking data has been 
recorded in the BCA. Therefore, at Step 873e, the second 
and third computers do not need to generate and send the 

0 third cipher key. At Steps 873e, 873f and 873g, the 
twelfth cipher is sent and received. At Step 873 j, the 
third cipher key is read from the BCA area, and the 
user's accounting data is sent via the second computer to 
the third computer. The method of Fig. 23 does not need 
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the third cipher key generated, sent and received at all, 
so that the procedure is simple* 

In the case of electronic settlement systems, in 
general, there are a plurality of accounting centers 
5 representative of credit companies* Therefore, 
naturally, there is a need for a plurality of third 
cipher keys, which are public keys. As explained with 
reference to Fig. 7b, there is a need for an RSA1024 
grade or more, that is, 128 bytes or more if an RSA 
10 cipher function is used. The third cipher key 817b can 
therefore enter only one place of 188 bytes of the BCA* 
However, elliptic -function cipher keys (elliptic ciphers) 
p which have appeared in recent years give, with small 

Jl capacity, security e<iuivalent to that of RSA. In recent 

% 15 years, RSA function RSA1024 has been the lowest standard 
of banking data security. While an RSA function needs 
128 bytes, it is said that an elliptic cipher needs only 
f | about 20 through 22 bytes for equivalent security. 

? Therefore, as shown in Fig. 7c, it is possible to store 

^ 20 in the BCA seven, eight or fewer third ciphers which deal 
ly with banking data. The use of elliptic functions 

C& realizes a BCA- application electronic settlement system 

which can deal with a plurality of essential banking 
centers* Eaqplanation has been made, concentrated on the 
25 third cipher, but even if an elliptic cipher is used for 
the public key for the first cipher key, its effect is 
similar because high security is kept in relation to a 
plurality of electronic stores. 

With reference to Fig. 24, the RAM disk 
30 recorder/ reproducer with a BCA explained with reference 
to Fig. 10 will be described in more detail. As an 
embodiment, the procedure for recording in a RAM disk in 
a so-called pay-per-view system will be described* 
First, with its program transmitter 883, a CATV company 
35 or another software company enciphers movie software or 
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other contents 880 by using the first cipher key 882 in 
the first encoder to generate a first cipher 900, and 
sends this cipher to a decoder 886 such as each user's 
CATV decoder. If the decoder 886 sends a request for a 
particular program through a network to a key issue 
center 884/ the center sends the first decoding data 885a 
to the first decoding part 887 of the first decoder 886, 
The first decoding data 885a is a particular piece of 
software such as the scramble release key for the 
particular decoder system ID number and particular timing 
data 903, and includes a recording permission card 901 
for a RAM disk* The first decoding part 887 decodes the 
first cipher 900 with the system ID 888 and first 
decoding data 885a. In the case of a picture signal, the 
signal descrambled once and scrambled further with 
another cipher to protect the signal from being copied is 
output from the third cipher output part 889* The 
picture can be viewed and listened to on a general TV 
899 , though the original signal is guarded from being 
copied* If the recording permission code 901a is NO, it 
is not possible to record in a HAH disk 894* If OK, 
however, it is possible to record in only one RAM disk 
894* This method will be explained* 

In the decoder 886/ an IC card 902 is inserted, and 
the BCA reproduction part 895 reads the BCA of the RAM 
disk 894 in a RAM recorder* Then the disk ID 905 is sent 
to the IC card 902. The IC card 902 checks the recording 
permission code 901a and the present time data 904 
obtained from the disk IC 905 and the decoder 886, and 
makes a two-way hand- shake type copy check 907 with the 
third cipher output part 889. If the recording 
permission code and copy checks are OK, the second 
auxiliary encoder 891 in the IC card 902 issues a second 
cipher key 906. The second encoder 890 enciphers the 
third cipher again to generate a second cipher, which is 
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the contents 880 enciphered with the disk ID of a 
particular disk. The second cipher is sent to the RAM 
recorder 892, where it is 8*15 or 8-16 modulated by the 
first modulation part in the recording means 893 « The 
5 second cipher 912 is recorded in the first recording area 
894a of the RAM disk 894 by means of a laser* In this 
way, the data of the RAH disk 894 is enciphered with the 
particular disk ID number. 

When the reproduction signals in this disk are 8-16 

10 demodulated by the first modulation 896a using a normal 
reproduction means 896, the second cipher of the contents 
is output • The second decoder 897 has second decoding 
keys 898a, 898b and 898c, which correspond to the cipher 
keys of the IC cards different for CATV stations or other 

15 program supply companies, respectively. In this case, 
the decoding key identification data of the decoder 868 
or IC card 886 has been recorded in the first recording 
area 894a. The reproducer reads the decoding key 
identification data 913 from the first recording area 

20 894a. The decoding key selection means 914 automatically 
selects out of the decoding keys 898a through 898z the 
second decoding key 898a corresponding to each cipher 
key. With the disk ID 905a as a key, the second decoder 
897 decodes the second cipher. An IC card having a 

25 particular decoding key might be used. In the case of an 
image, it is possible to obtain a normal image 
descrambled at a TV 899a. 

In the system of Fig. 24, a disk ID 905 is sent to 
the IC card inserted into the decoder in each user's home 

30 to encipher picture image data and/or the like. It is 
therefore not necessary for the software company 883 to 
individually change the cipher of the contents for 
distribution to users. Consequently, when broadcasting 
scrambled pay-per-view images to a great number of 

35 viewers as is the case with satellite broadcasting and 
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CATV, it is possible to permit recording in only one RAM 
disk per user. 

If, at the same time when recording is made in a 
disk in the system of Pig. 24, an attempt is made to 
illegally copy, that is, record in a second disk, that 
is, a RAM disk of another disk ID, it is not possible to 
alter the disk ID because two-layer disks are used for 
BCAs. Therefore, unauthorized copying in the second disk 
at the same time is prevented, it can be considered that 
during another time period, a simulated or dummy 
recording permission code 901a and/or a third cipher is 
sent to the decoder and/or ic card and data is recorded 
in a RAM disk of another disk id. Even agaiast such 
unauthorized practice, the decoder time data control part 

902 in the IC card compares the time of the timing data 

903 of the key issue center 884 and/or the time of the 
time data of the contents and the present time of the 
time data part 904a in the decoder to judge if they 
coincide. if so (OK), the ic card 902 permits the 
encipherment of the second cipher computing unit 990. 

In this case, a hand-shake type time check method 
might be used which makes the second encoder 890 and 
first decoder 887 exchange check data bidirectionally. 

in the case of the hand-shake type, the second 
cipher computing unit 890 including the ic card, the 
first decoding part 887, and the third cipher part 889 
confirm the cipher data bidirectionally. This prevents 
the unauthorized copying during the other time periods 
outside the time when the contents are sent. 

In this way, in each user's decoder 886, the 
software company's contents are recorded in only one RAM 
disk 894 for each particular disk ID. This disk can be 
reproduced by any RAM disk reproducer. Even in the case 
of recording in a RAM disk by the method of Fig. 24, the 
software company's copyright is protected. Althoughthe 
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encipherment and decoding have been explained with 
reference to the cipher encoders and cipher decoders, 
respectively, in the detailed description of the 
drawings, the cipher algorithm and the decoding algorithm 
5 are practically used with programs in a CPU. 

INDUSTRIAL APPLICABILITY 

By thus recording in advance the cipher key and/or 
the decoding key for an ID and/or a cipher in the BCA 
area of an optical disk, it is possible to release the 

10 cipher of enciphered contents by a simpler procedure. In 
addition, the secrecy of communication is realized 
without a conventional procedure for registration. By 
storing a network check program in contents, it is 
possible to prevent pieces of software of the same ID on 

15 the same network being installed* Thus, there are 
various effects on the improvement of security* 
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REFERENCE NUMERALS 





801: 


disk with a BCA 




802 t 


fixed key 




803: 


cipher encoder or scrambler 


5 


804: 


recording meant? 




805: 


contents 




806 : 


ID 




807 : 


trimmincr unit 
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fin fib • 






808c : 


boiifiiiicr m*t nil :f Tift 




809: 


c omnia ted disk 




809a: 


s incrl e- s ided disk 




809b: 


s incrl g- sided disk 


15 


811: 


press field 




813: 


fixed key 




814: 


BCA area 




815: 


disk ID 




816: 


first cipher key (secret key) 


20 


817: 


second cipher key (secret key) 




818: 


connection address 




819: 


reproducing unit 




820: 


BCA reproducing section 




821: 


password issue center 


25 


822: 


communication section 




823: 


network 




824: 


s% 4 T*l Vl Y* V#*vr T)Tl 




825: 


first decoding key 




826: 


contents number 


30 


827: 


first cipher decoder 




828: 


accounting center 




829: 


second decoding key 




830: 


accounting data 




831: 


second cipher encoder 
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832 : 


second cipher decoder 




833 : 


timing aata 




834 : 


password producing section 




835 s 




5 


836: 


pujtouual Computer 




837: 


wxiix-a ciecociing key 




838: 


common key 




839: 


cnira cipher key 




840 : 


cnxrd cipher encoder 


10 




third cipher decoder 




o?« : 


main cipher encoder 






main cipher decoder 






xaain decoding key 




o*±o : 


first cipher decoder 




84© : 


cipher encoder 


IF' 


<>Tk / : 


cipher decoder 




o^y : 


BCA data 


""li 


850: 


writing layer 




851: 




3 20 


852: 


general oar code 




853 : 


decoder 


y 

■/;?' 


860: 


bqwwmu ^ipjaer encoder 




861: 


ocwuaa cxpner decoder 




862: 


u<&^a reproducing section 


25 


863 : 


ituca area 




ft £4. * 
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additional recording area 




865: 


decoding flowchart 
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second cipher computing unit 






first recording area 


30 


QAO • 


Internet 




909: 


i**Bt computer 




910 t 


second computer 




911: 


third computer 




912: 


second cipher 


35 


913: 


decoding key identifying data 
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5 



15 



914: 


decoding key selecting means 


915: 


first slice level 


916: 


second slice level 


917: 


PE-RZ modulator 


918: 


transparent substrate 


919: 


first recording area 


920: 


second recording area 


921: 


disk ID 


922: 


BCA flag 


923: 


CPU 


924: 


control data 


925: 


EFM demodulation 


926: 


8-15 modulation-demodulation 


927: 


8-16 modulation-demodulation 


928: 


first demodulating section 


930: 


second demodulating section 


931: 


connection address 



